Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Back to the future: the threat of more terrorist attacks against the UK

Peter Power looks at how the UK terrorism threat is changing and what business continuity managers can do to ensure their organization is prepared.

On Saturday 5th July 2014, a letter to the editor of the Times from a reader living in Hampshire, UK, stated that it is wrong to believe that Muslims are more likely to be terrorists by assuming they alone travel across the world to fight in a jihad. The author drew attention to the ancient Crusades "when Christians from all over Europe travelled to the Holy Land and treated its Muslim population with unspeakable cruelty. Muslims remember".  This certainly got me thinking: does the West never remember, while the East never forgets?  Maybe we can never understand the present until we understand the past?
In this article I will look at sometimes distant times to try and understand the present threats; and especially the emerging threat engendered by the Islamic State (IS) militants (formerly ISIS).

In June 2014 David Cameron warned of the threat to the UK if an ‘extreme Islamist regime’ is created in central Iraq. He told MPs: "The people in that regime - as well as trying to take territory - are also planning to attack us here at home in the UK."

Baroness Neville-Jones, a former chair of the Joint Intelligence Committee, who was security minister between 2010 and 2011, said the Prime Minister was right to take the "mounting threat" extremely seriously.

The view was reiterated on August 17th, with Mr. Cameron stating in an article in the Sunday Telegraph that: “The West is embroiled in a generational struggle against a poisonous brand of Islamic extremism that will bring terror to the streets of Britain unless urgent action is taken to defeat it.”

The worldview of IS is vehemently anti-Western and it would take just one command from their Amir (leader) to send some jihadists back to Britain to carry out an attack; or attacks. But before we look at this type of threat a little deeper, let's return to what the author of the Times letter was getting at: to take a different view on what we might consider a historical irrelevance, but which is something that those who pose a threat to us today still take seriously.  

Back in 1099, at the time of the Crusades, Fulcher of Chartres, Chaplin to the Christians who massacred c40,000 Muslim and Jewish men women and children in Jerusalem, reported  that "All who die by the way, whether by land or by sea, or in battle against the pagans, shall have immediate remission of sins. This I grant them through the power of God with which I am invested … it was a just and splendid judgement of God that this place should be filled with the blood of the unbelievers".  

This sort of blood curdling rhetoric to justify atrocities in the name of a God or Prophet might be from the past, but it is also from the present when you consider how it must resonate through the centuries in that region. 

Despite actions by the British Government and the best efforts of the security services, hostile Islamist networks remain in place within the UK and their propagandists have infiltrated schools, charities, prisons and universities. Eradicating their influence will take years, if not decades, as will opening up the often closed communities whose links to their homelands (fostered via satellite television) are sometimes far stronger than to the country where they presently live.

Terrorism persistently mutates as it continues to claim sensational headlines, sometimes out of proportion to its net impact.  Yet it remains a disputed term: few, if any, of those labelled as ‘terrorists’ describe themselves as such: The United Nations condemns it, but is unable to define it. One person’s brain-washed suicide bomber is another person’s heroic martyr. We may think we can grasp some of the issues behind this entangled threat, but we are probably wrong!

Take for example, what the World Economic Forum reported in 2013: "the tremendous impact of 9/11 encourages us to think about individuals from one country attacking innocent civilians from another country. However, 90% of terrorist attacks last year (2012) were actually domestic attacks.... because of the seemingly irrational nature of the 9/11 al-Qa’ida attack, it is easy to lose sight of the fact that a large number of terrorist attacks involve fairly rational political disputes over territory. This explains in large part all of the top ten most active terrorist groups of the modern era”.

But does this assertion help to explain why, in the last 12 months, global fatalities from acts of terrorism have risen 30 percent compared to the previous five year average? (According to a Maplecroft risk analysis.)

Without a globally accepted definition of terrorism it is impossible to criminally prosecute individuals at the international level. All terrorism related matters must be dealt with at the domestic level, which in turn, complicates issues still further when transnational terrorism spans a multitude of legal jurisdictions.

Understanding, let alone defeating, the threat is therefore not straight forward. There are dangers in overreacting, but there are also serious risks in underreacting. Catastrophic attacks such as 9/11 tend to be Black Swans: an event which comes as a complete surprise; has a major effect; is often inappropriately rationalised; and where the victims do not believe the threat exists until it happens. The disproportionate existence of high-profile, hard-to-predict, and rare events such as 9/11, that are beyond the realm of normal expectations, can sometimes skew our interpretation of the true threat, which is often about weapons of mass effect, rather than mass destruction. 

Perhaps that is one reason why on August 2nd 2014, thirteen years after 9/11, nine years after synchronised suicide bombers hit London transport, six years after simultaneous terrorist attacks across the city of Mumbai and one year after the Westgate shopping mall attack in Kenya, David Cameron said that "In 2014, the world is more unpredictable than ever". 

So what might the next attack look like in the UK? 

One type of hit might be across computer networks; so called cyber attacks. The UK National Security Strategy has classed cyber security as one of the top priorities for Britain, alongside international military crises and natural disasters. The government has already allocated £650 million GBP over four years to establish a new National Cyber Security Programme to strengthen the UK’s cyber security capacity and, more recently, the Chancellor of the Exchequer announced a further £210 million investment. 

The cyber threat is obviously immense, but in the space available for this article I want to focus on the likelihood of physical attacks.  As the former head of MI5, Eliza Manningham-Buller, said in relation to one form of physical attack: "We are faced with a realistic possibility of a form of unconventional attack that could include chemical, biological, radiological or nuclear (CBRN). It is only a matter of time before a crude version of a CBRN is launched on a Western city." 

We can assume that terrorist organizations will try and choose their attacks against the UK to achieve their main goals. Most often these are destabilisation, media attention and recruiting new members; increasingly within the context of a holy war. Basically, terrorists must decide on deploying their resources as solitary attacks spread out over time, or a smaller number of coordinated attacks.

Coordinated attacks, let's say using conventional rather than CBRN weapons, are likely to cause more disruption and havoc than single attacks as they usually occur in several separate locations, resulting in an increase in the total number of potential victims, damage to property and in an age of 'citizen journalism', more sensational media coverage.  These types of simultaneous attacks require greater preparation and organization as they are more difficult to execute than single incidents, thus individuals with more advanced capability will often be assigned to oversee coordinated assaults.  As a result, simultaneous attacks are likely to have greater impact than single ones.  Also, only one portion of the attack needs be successful in order to achieve the objective of propelling the target community into a condition of fear.  If a single attack that is part of a coordinated effort fails, the campaign can still be a success if one of the other parts of the effort succeeds. An unsuccessful solo attack may not receive a vast amount of media attention, but a coordinated campaign with one unsuccessful component is still likely to grab the headlines.

However, the more active and capable a terrorist becomes, so he/she will be increasingly known to the security services with their exceptionally sophisticated means of gathering both human and signal intelligence. This means that the more complex the planning arrangements of a terrorist attack(s) become, so the more likely it is the planners will be detected: in my view, making a number of simultaneous attacks slightly less, rather than more likely, in the UK.  At least for now.

Having said that, my fear is that other types of attack might still occur at once, while we are concentrating on just one group.

Connected with this, from a media/target/victim point of view, we sometimes appear obsessed with whatever is involved in the most recent terrorist scenario; rather than focusing on the extent, duration and capability of the wider threat against our cities. Defeating the last terrorist does not always protect against the next one.  

So where does all this leave us?

The UK Government National Risk Register uses a scale of 1-5 to indicate low to high probability of occurrence and impact of terrorist events. It currently assesses a catastrophic terrorist attack as 5 for impact, but 2 for probability.  Cyber attacks, attacks on crowded places and against the transport system are all considered as 3 in terms of impact. In the case of transport the probability of attack is 5, with crowded places being 4.

Simultaneous attacks against different major UK cities is not currently included in the Risk Register, but probably is a consideration in the classified National Risk Assessment (the Risk Register is an unclassified, version of the National Risk Assessment). 

Perhaps from a security services point of view, four key points stand out:

  • You cannot put everyone in the UK who disagrees with Western soldiers perceived as crusading in Muslim countries under 24 hour surveillance, 'just in case they might be' planning some sort of attack in response.
  • It is one thing to be somewhere on the MI5/6 radar, quite another for the security services to take invasive action to track movements.
  • It is a question of judgement and priority. With many people using blood thirsty jihadist rhetoric in meetings and across the Internet, you have to deploy limited security resources using best judgment. We do not live in a Police State in the UK.
  • Intelligence is seldom evidence, so just because you have it, it does not mean that you can use it in a court of law to obtain convictions.

Also, it is worth remembering that, although the death toll might be high and the images sensational, the net impact of coordinated attacks in cities might not be as great as you might think. Mumbai is the financial and commercial hub for India, yet the all-important economic impact on that country was comparatively small. The Association of Corporate Travel Executives, a US-based non-profit group,  surveyed 134  corporate  travel managers  after  the Mumbai attacks and found  that  just  six percent planned to curtail travel to the region (however 78 percent were reviewing their hotel contracts with a greater  emphasis  on  security). 

People like me, in Britain, who spend most of their day in the world of business continuity, risk and crisis management have a role to play in all this.  For a start we can:

  • Use the National Counter Terrorism Security Office (NaCTSO) website where there is a free on line self assessment tool to help determine the exposure to terrorist attack in your location. It consists of 32 questions to provide an understanding of the threat to your location and what you need to put in place to reduce your vulnerability.  The Vulnerability Self Assessment Tool (VSAT) will provide you with sign posting to best practice, a business continuity management tool and a written assessment report with recommendations covering, physical security, personnel security, information security, good house keeping and risk management.
  • Sign up for Project ARGUS, which is another NaCTSO led initiative that asks businesses and other organizations to consider their preparedness for a terrorist attack. It achieves this by guiding readers through a simulated multi-media attack which identifies the measures that can assist in preventing, handling and recovering from such an incident.
  • Contact your local police service to find out more about Project Griffin which is aimed at protecting UK cities and communities from the threat of terrorism. It brings together and coordinates the resources of the police, emergency services, local authorities, business and the private sector. It was developed by the City of London Police and formally introduced across London in April 2004 with a remit to advise and familiarise managers, security officers and employees of large public and private sector organizations on counter-terrorism issues. The project is now being implemented by police forces, cities and communities throughout the UK and has also generated interest overseas, particularly in the United States, Canada and Australia.

And finally, back to the Times newspaper: As I write these words the headline is again about the UK and one of its allies once again confronting so called soldiers of radical Islam  in the Middle East.  Plus ça change, as the French would say....

The author:
Peter Power has been MD of Visor Consultants (UK) Ltd since 1995. He is co-author of the recent UK Standard on Crisis Management (BS 11200) and a past member of the UK National Security Commission (IPPR). He has considerable real time experience of many crises, including terrorism when he was attached to Scotland Yard's Anti Terrorist branch during a period of sustained bombing against London.  Peter is an international speaker, writer and a Fellow of the Institute of Risk Management and a Fellow of the Business Continuity Institute. He has been a Special Advisor to the World Conference on Disaster Management since 2001.

•Date: 19th August 2014 • UK •Type: Article • Topic: Terrorism

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here